Technical Field
This disclosure relates generally to enforcing policy in a network environment. More particularly, it relates to dynamically detecting a network policy in a multi-tenant network environment such as a cloud environment.
Background of the Related Art
An emerging information technology (IT) delivery model is cloud computing, by which shared resources, software and information are provided over the Internet to computers and other devices on-demand. Cloud computing can significantly reduce IT costs and complexities while improving workload optimization and service delivery. With this approach, an application instance can be hosted and made available from Internet-based resources that are accessible through a conventional Web browser over HTTP. An example application might be one that provides a common set of messaging functions, such as email, calendaring, contact management, and instant messaging. A user would then access the service directly over the Internet. Using this service, an enterprise would place its email, calendar and/or collaboration infrastructure in the cloud, and an end user would use an appropriate client to access his or her email, or perform a calendar operation.
Cloud computing resources are typically housed in large server farms that run network applications, either directly on the hardware (so-called bare metal cloud hosting) or on a virtualized architecture in which applications run inside virtual servers, so-called “virtual machines” (VMs), that are mapped onto physical servers in a data center facility. The virtual machines typically run on top of a hypervisor, which is a control program that allocates physical resources (CPU, memory, storage and network) to the virtual machines.
One or more “containers” can run on a cloud server or VM. A “container” is “lighter” than a VM in terms of its use of cloud resources: rather than booting its own operating system, a container shares the kernel of the host on which it runs and is isolated from other containers by that kernel, so it consumes less memory and starts faster than a VM. Containers are a common deployment model in the cloud. Multiple containers run on one virtual machine, and one bare metal server can run multiple virtual machines, so the deployment forms a nested structure (bare metal server, then VMs, then containers), and the placement of a given tenant's workload within that structure can change over time.
It is known for an organization to arrange computing resources in a hybrid cloud environment, containing both a private cloud in which the computing resources are owned by the organization and provide services only for that organization, and a public cloud in which another organization provides computing services for a plurality of “tenants” including the organization operating the hybrid cloud. One clear benefit of a hybrid cloud model is having on-premises, private infrastructure that is directly accessible, while providing access to the public cloud environment in times of high demand.
The cloud computing environment is dynamic in two respects. The cloud hosting service changes the assignment of tenants to cloud resources, and the tenants themselves change their requests for different services and applications within the environment. Together, these changes make it difficult to maintain a security policy for a given tenant or set of tenants, because the set of resources to which the policy must apply is not fixed.
Therefore, there is a need to improve security in a cloud environment.